
release: v0.10.1 (CodeQL hardening) #51

Merged
tbitcs merged 1 commit into main from develop
May 4, 2026


@tbitcs tbitcs commented May 4, 2026

What

Release PR for v0.10.1.

This is the standard develop → main sync that bumps the user-facing
version, lands on main, and gets tagged. Mirrors the workflow we
just established on BitConcepts/specsmith#95.

Version

package.json: 0.10.0 → 0.10.1

What's in this release

  • Security: 17 CodeQL alerts closed (security: resolve 17 CodeQL alerts (XSS / attribute-sanitization / insecure-randomness / shell-quote) #49)
    • XSS / attribute-sanitization / insecure-randomness / shell-quote.
    • media/session.js �sc() strengthened, inline onclick
      handlers replaced with data-action + delegated listener,
      crypto.randomUUID() for session ids, shell-quote helpers
      escape backslashes before quotes.
  • Tighter <script> end-tag regex to handle attribute chars
    after </script (CodeQL js/bad-tag-filter follow-up).
  • Cloud Runs sidebar tree retirement was already documented under
    [Unreleased]; that note moves under [0.10.1] along with
    the rest of this release.

Verification

  • npm run lint: clean.
  • npm test: 144 passing.
  • npm run build: bundle builds cleanly.
  • Open PRs / issues / Dependabot / secret-scanning / CodeQL: 0 across
    both repos.

After merge

Tag the merge commit v0.10.1 and fast-forward develop to
match main.


Co-Authored-By: Oz oz-agent@warp.dev
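
The shell-quote item in the release notes above ("escape backslashes before quotes") comes down to escaping order. The following is an added example, not code from this PR or the project: the helper names are hypothetical, and it assumes the value is wrapped in double quotes for a POSIX shell.

```javascript
// Added example: hypothetical helpers, not code from the PR or the project.
// Assumption: the value is wrapped in double quotes for a POSIX shell.

// Incomplete: only quotes are escaped. A backslash already in the input
// pairs with the one added here, leaving the following quote unescaped.
function quoteWeak(value) {
  return '"' + value.replace(/"/g, '\\"') + '"';
}

// Hardened: backslashes first, then the other characters that stay
// special inside double quotes (", $ and backtick).
function quoteHardened(value) {
  return '"' + value.replace(/\\/g, '\\\\').replace(/["$`]/g, '\\$&') + '"';
}

// Index of the first unescaped double quote after the opening one,
// following the rule that a backslash protects the next character.
function closingQuoteIndex(quoted) {
  for (let i = 1; i < quoted.length; i++) {
    if (quoted[i] === '\\') { i++; continue; }
    if (quoted[i] === '"') return i;
  }
  return -1;
}

// True when the whole value stays inside one quoted word.
function staysQuoted(quoted) {
  return closingQuoteIndex(quoted) === quoted.length - 1;
}

// Constructed sample values.
const samples = ['plain text', 'say "hi"', 'a\\" b', 'C:\\dir\\'];
for (const s of samples) {
  console.log(JSON.stringify(s),
    'weak:', staysQuoted(quoteWeak(s)),
    'hardened:', staysQuoted(quoteHardened(s)));
}
```

The weak helper handles ordinary quotes correctly and only fails once the input already contains a backslash, which is why this class of bug tends to survive casual testing.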

Bumps `package.json` from 0.10.0 to 0.10.1 and renames the existing
`[Unreleased]` CHANGELOG section to `[0.10.1] - 2026-05-04`. The
0.10.0 tag captured the multi-agent + BYOE work (PRs #45/#47/#48);
this point release rolls in the security hardening from #49 (17
CodeQL alerts closed) and the regex follow-up.

Validation:
- npm run lint: clean.
- npm test: 144 passing.

Co-Authored-By: Oz <oz-agent@warp.dev>
@tbitcs tbitcs merged commit 909e615 into main May 4, 2026
9 checks passed